[英]How does the authentication apply to all aspx pages for a Web Application using C# in Visual Studio 2010?
I have create a web application in Visual Studio 2010 using C#. 我已经在Visual Studio 2010中使用C#创建了一个Web应用程序。
I have two web page and the web application is hosted on a machine that has joined a domain WATSON
我有两个网页,该Web应用程序托管在加入域
WATSON
The first web page is basically the login page. 第一个网页基本上是登录页面。 The end user will enter their username and password and select their domain and click submit.
最终用户将输入其用户名和密码,然后选择其域,然后单击提交。
Now, the problem is that although I use the following code to authenticated the user, but I do not know how should I store the authenticated result as. 现在的问题是,尽管我使用以下代码对用户进行了身份验证,但是我不知道该如何存储身份验证结果。
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, txtboxDomain.Text))
{
// validate the credentials
bool isValid = pc.ValidateCredentials(txtboxUser.Text, txtboxPass.Text);
}
I thought of storing the authenticated result as a cookie but I run the risk that the end-user might disable the cookie setting or the end-user try something funny to the cookie. 我曾想将经过身份验证的结果存储为cookie,但是冒着最终用户可能会禁用cookie设置或最终用户尝试对cookie进行一些搞笑的冒险。
Also, I can't be possible putting the login page on each of the web pages that my web application have. 另外,我无法将登录页面放在Web应用程序所具有的每个网页上。
Also, suppose I redirect the end-user who have successfully authenticated to another aspx page, the end-user might just bookmark that aspx page. 另外,假设我将已成功验证身份的最终用户重定向到另一个aspx页面,则最终用户可能只是将该aspx页面添加为书签。 So, next time, the end-user will just go straight to the aspx page without going to the Login page.
因此,下次,最终用户将直接进入aspx页面,而无需进入登录页面。 Then the end-user will not need to login, which is what I don't want it to happen.
然后,最终用户将不需要登录,这是我不希望发生的事情。
So, how should I go about to enable that only those correct and rightful user are able to access the another aspx page? 因此,我应该如何使只有那些正确和合法的用户才能访问另一个aspx页面?
Take a look at one of my answers how you can set windows authentication on application level: 看一下我的答案之一,您如何在应用程序级别设置Windows身份验证:
WindowsIdentity and Classic .Net App Pool WindowsIdentity和经典.Net应用程序池
And here is another link how you can limit user access to specific pages, it might get you handy: 这是另一个链接,您可以通过它来限制用户对特定页面的访问,这可能会让您方便:
How to restrict unlogged/unauthorized users from viewing web pages in ASP.NET 如何限制未登录/未经授权的用户查看ASP.NET中的网页
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.